Lucene search
HistoryJul 24, 2014 - 2:55 p.m.
CVE-2014-4683
siemens
simatic
wincc
webnavigator
server
remote
authenticated
privileges
cve-2014-4683
nvd
4.9 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:P/A:N
6.6 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
49.3%
The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request.
Affected configurations
Node
siemenssimatic_pcs7Range≤8.0sp1
ORsiemenssimatic_pcs7Match7.1sp3
ORsiemenssimatic_pcs7Match8.0
ORsiemenswinccRange≤7.2
ORsiemenswinccMatch5.0
ORsiemenswinccMatch5.0sp1
ORsiemenswinccMatch6.0
ORsiemenswinccMatch6.0sp2
ORsiemenswinccMatch6.0sp3
ORsiemenswinccMatch6.0sp4
ORsiemenswinccMatch7.0
ORsiemenswinccMatch7.0sp1
ORsiemenswinccMatch7.0sp2
ORsiemenswinccMatch7.0sp3
ORsiemenswinccMatch7.1
ORsiemenswinccMatch7.1sp1
Related
cvelist
cvelist
CVE-2014-4683
2014-07-24 14:00:00
nvd
nvd
CVE-2014-4683
2014-07-24 14:55:08
prion
prion
Cross site request forgery (csrf)
2014-07-24 14:55:00
ptsecurity
ptsecurity
PT-2014-13: Privilege Gaining in Siemens SIMATIC WinCC
2012-12-23 00:00:00
threatpost
threatpost
Siemens Patches Five Vulnerabilities in SIMATIC WinCC for PCS 7
2014-10-07 14:49:31
ics
ics
Siemens SIMATIC WinCC Vulnerabilities (Update A)
2018-09-06 12:00:00
kaspersky
kaspersky
KLA10393 LPE & OSI vulnerabilities in Siemens Simatic WinCC
2014-07-23 00:00:00
4.9 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:P/A:N
6.6 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
49.3%
Related for CVE-2014-4683